This article is more than six months old

Why copycats are riskier than users think

Why copycats are riskier than users think’s rapid success left many DeFi degens sidelined. Credit: Rita Fortunato/DL News
  • Stars Arena exploits underline risks of forked protocols.
  • THORSwap appeases law enforcement by shutting off website.
  • Bonds yield big returns for MakerDAO and Dai holders.

A version of this story appeared in our The Decentralised newsletter. Sign up here.

Hey everyone, Tim here.

The recent code exploits befalling copycat Stars Arena have once again highlighted the dangers of throwing money into forks of popular protocols.

On the surface, the way forks function appears practically identical to the original protocol they’re based on — they use much of the same code after all.

But the devil is always in the details.

Just because code works in one implementation doesn’t mean it’s guaranteed to work the same elsewhere.

Stars Arena suffered two exploits recently.

Although the first was relatively minor, only costing the protocol’s users about $2,000, it turned out to be a sign of deeper problems.

Join the community to get our latest stories and updates

Less than 48 hours after the first exploit, hackers found a much more serious breach that wiped all $3 million of user deposits.

The allure of forks is clear to see.’s rapid success left many DeFi degens sidelined. When clones start popping up on other blockchains, those who missed out the first time felt they had another shot to hit it big.

But, as crypto personality Jordan Fish a.k.a cobie points out, the rewards of putting money into forks are rarely worth the risks.


Continuing on the theme of hacks, the FTX hacker who swiped $450 million from the exchange shortly after it declared bankruptcy last year has started moving their ill-gotten gains.

The destination: Bitcoin — via a DeFi exchange on THORChain called THORSwap.

Unfortunately for THORSwap, having a known hacker send millions worth of crypto through your exchange is problematic to say the least.

THORSwap’s team, many of whom are reportedly based in the US, chose to shut down THORSwap’s website frontend after consulting with their legal counsel and law enforcement.

It’s likely this sort of response will become more common across DeFi.

If there’s a way to shut down a protocol — even just the website that lets users interact with it — developers will do it, if for no other reason than a show of good faith that they stand against criminal activity.

Of course, for any tech savvy hackers, shutting down websites does nothing.

They can still interact with a protocol’s smart contracts directly, or using other frontends.

If authorities are content with protocols just blocking problematic addresses from using their frontends, I’d count that as a blessing.

But based on what has happened with privacy protocol Tornado Cash, I don’t think that will be the case.

On a more positive note, lending protocol MakerDAO has tripled its profit forecast by taking advantage of high US bond yields and delivering the rewards to holders of its Dai stablecoin.

The strategy is so successful, other protocols, such as Frax Finance, are following suit.

Some oppose integrating so-called real-world assets into DeFi, believing it should remain distinct from traditional finance.

To me, it’s one of the only things keeping DeFi relevant to those outside the space.

As long as the protocols engaging with US Treasuries manage their risk well and rates stay higher for longer — as the Fed keeps telling us — I can see the sector continuing to grow.

In addition to MakerDAO and Frax, check out smaller players such as Ondo Finance and Matrix Dock to see how the nascent real-world asset sector is innovating.

Data of the week

Real-world assets like US Treasuries now make up over 50% of MakerDAO’s balance sheet. This figure was around 12% at the start of the year.

Real world assets on MakerDAO's balance sheet

This week in DeFi governance — Arbitrum STIP edition

VOTE: GMX asks Arbitrum DAO for 12 million ARB

VOTE: Dopex asks Arbitrum DAO for 1.5 million ARB

VOTE: Lido asks Arbitrum DAO for 4 million ARB

Post of the week

Molly is one of several to point out the similarities between the financial and geopolitical situations in 2009 and today using The Times headline enshrined by Satoshi Nakamoto in the first block of the Bitcoin blockchain.

What we’re watching

Ether liquid staking provider Lido approaches a 33% share of all Ether staked on Ethereum, potentially creating a centralisation risk for the blockchain.

Aave companies CEO Stani Kulechov appears to suggest Aave build a Lido competitor.

The last time Kulechov threw out an idea like this on social media, we got Lens Protocol.

Have you joined our Telegram channel yet? Check out our News Feed for the latest breaking stories, community polls, and of course — the memes.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out to him with tips at

Disclosure: Tim holds over $1,000 worth of Bitcoin, Ether, Swell staked Ether, Redacted Cartel, and GMX. He also holds an insignificant amount in NFTs.